Terror Goes Online

But so far, the real world is safe from cyberattack

The fact that terrorists make extensive use of the Internet comes as little surprise. But, according to Gabriel Weimann, a professor of communications at the University of Haifa, in Mt. Carmel, Israel, our greatest fear along those lines—the threat of cyberterrorism—is greatly overstated. For terrorists, as for the rest of us, the Internet is primarily a marketplace of ideas unlike any that has existed before, says Weimann.

Weimann recently spent a year as a visiting fellow at the United States Institute of Peace in Washington, D.C. In March 2004, the institute issued his report, "How Modern Terrorism Uses the Internet." His new book, Terror on the Internet: The New Arena, the New Challenges , is due to be published early this year.

Weimann says that the odds of a terrorist using the virtual world to attack key physical infrastructure—by hacking into the computers controlling the power grid, for example—are remote.

Importantly, critical networks are inaccessible from the Internet, Weimann notes. Nuclear weapons and other sensitive military systems, as well as the computer systems of the U.S. Central Intelligence Agency and the Federal Bureau of Investigation, are "air-gapped," that is, there is no physical connection between these government computers and the Internet, making them immune to cyberattack. As we continue to network everything, it will be important to maintain these air gaps.

"Systems in the private sector tend to be less well protected, but they are far from defenseless, and nightmarish tales of their vulnerability tend to be largely apocryphal," says Weimann. However, he adds, "as a new, more computer-savvy generation of terrorists comes of age, the danger seems set to increase."

BUT TERRORISTS ARE USING the Internet, often in the same ways that we all do. They search for information about transportation, infrastructure, maps, shipping activity, economic data, "and even about counterterrorism measures," says Weimann. He notes that in a 2003 speech, U.S. Secretary of Defense Donald H. Rumsfeld quoted a captured Al Qaeda training manual as saying, "Using public sources openly and without resorting to illegal means, it is possible to gather at least 80 percent of all information required about the enemy."

In his March 2004 report, Weimann wrote, "One captured Al Qaeda computer contained engineering and structural features of a dam, which had been downloaded from the Internet and which would enable Al Qaeda engineers and planners to simulate catastrophic failures. In other captured computers, U.S. investigators found evidence that Al Qaeda operators spent time on sites that offer software and programming instructions for the digital switches that run power, water, transportation, and communications grids."

Yet when Weimann looked more deeply into cyberterrorism, he found the threat to be generally less than people think. "In some ways, it's exaggerated," he said in a phone interview. "There hasn't been a single case to date of [a terrorist] using the net to launch a cyberattack."

Weimann says terrorists also use the Internet for fundraising and recruitment. "Before 9/11, they used it very openly," he notes. "We began studying terrorist Web sites in 1998. Back then you could find the bank account numbers they wanted people to donate to, everything. After 9/11, the terrorists moved to different ways, using charity sites where not all the money goes to terrorism. Now it's a challenge to find terrorist sites disguised as charity sites. Al Qaeda, Hamas, Hesbollah, and other groups use the Internet to blend legitimate and terrorist purposes."

The Net can also be helpful in recruiting operatives. Weimann points to the case of Ziyad Khalil, who was recruited online and became a key Al Qaeda operative in the United States. As documented in a 2003 book, Black Ice: The Invisible Threat of CyberTerrorism , by Dan Verton, Khalil bought satellite telephones, computers, and other electronic surveillance technologies for Al Qaeda.

Then there's the Internet's utility for planning and coordination. There are any number of sophisticated tools for collaboration, plus the obvious ones of e-mail, instant messaging, and chat rooms. It's easy to build a new, temporary identity and post entries from public Internet kiosks and cafes. There are plenty of ways to hide or encrypt messages, or terrorists can just speak obliquely.

Weimann says that Mohammed Atta's final message to his fellow 9/11 terrorists was: "The semester begins in three more weeks. We've obtained 19 confirmations for studies in the faculty of law, the faculty of urban planning, the faculty of fine arts, and the faculty of engineering." Weimann believes the talk of various "faculties" referred to specific facilities , such as the Pentagon and the World Trade Center. Sifting the plans from the chatter is perhaps law enforcement's greatest task.

But terrorists are also using the Internet in new and different ways. The Internet is a terrific way for terrorists to get their message out, Weimann says, uncensored and unadulterated by journalists. Traditional media have thresholds that have to be met before they will report something. Images and sources have to be vetted for authenticity and appropriateness. "On the Internet," he says, "terrorists can show what they want. If they want to show a beheading, they can."

"What we see," he continued, "is a blending of the high-tech and low-tech. There is nothing more low-tech than a beheading . But then they post the videos online; they inform the entire world and get immediate psychological impact."

Weimann, applying his early training in psychology, sees this impact as the terrorists' single greatest tool. "The damage isn't just to the beheaded person, it's to the population as a whole," he says. "So they don't need to launch cyberattacks right now."